Not an IT pro?

Clint Huffman is a Microsoft Premier Field Engineer (PFE) who has been with Microsoft for over 10 years. This blog documents the challenges he faces week to week in hopes that these experiences will help others.

You have arrived at this point in the adventure because you have identified high processor usage on your Windows computer. If this is not correct, then return to the Start of the Adventure.

Threads (the worker bees of a process) can execute in one of two modes: User Mode or Privileged Mode

This article will help you determine what kind of processor mode your computer or server is spending most of it’s time in. This is important because this is a major decision path in the adventure and change change the troubleshooting steps and the outcome dramatically.

Privileged (Kernel) Mode

Privileged Time is the amount of time being spent in the Windows kernel executing system calls such as drivers, IRPs (I/O Request Packets), context switching, etc. If the operating system is spending more than 30% of it’s time in privileged mode, then it means that it is likely doing a high amount of I/O and one or more of the drivers are executing to manage that I/O.

You can identify this by using Task Manager, clicking on the Performance tab, then go to View, Show Kernel Times or by using the “\Processor(*)\% Privileged Time” performance counter in Performance Monitor.

The following screenshot shows a high amount of privileged time processor usage.

If your computer or server is spending more than 30% of it’s time in privileged mode, then look at a % DPC Time, % Interrupt Time, and Context Switches/sec in performance monitor.

User Mode

User Time is the amount of time the processor spends executing application code therefore we need to determine what processes are consuming the most time and the function calls they are executing the most.

You can identify this by using Task Manager, clicking on the Performance tab, then go to View, Show Kernel Times or by using the “\Processor(*)\% User Time” performance counter in Performance Monitor.

The following screenshot shows a high amount of user time processor usage.